
Different Types of Computer Viruses

A computer virus is a program designed to cause harm on an infected computer. It spreads
through e-mail attachments, portable devices, websites containing malicious scripts and file
downloads. A computer virus attaches itself to host files and activates whenever you open
the infected files. The virus can replicate itself and then infect the other files on your computer, causing
more damage. Below is a list of different types of computer viruses and what they do.
Macro Viruses
These viruses infect files created by applications or programs that contain macros, such
as doc, pps, xls and mdb files. They automatically infect the files with macros and also the templates and
documents that are contained in the file. They hide in documents shared through e-mail and networks.
Memory Resident Viruses
They usually fix themselves inside the computer memory. They get activated every time the OS runs
and end up infecting other opened files. They hide in RAM.
Overwrite Viruses
These types of viruses delete any information in a file they infect, leaving the file partially or completely
useless once it is infected. Once in the computer, they replace all the file content, but the file size
doesn't change.
Direct Action Viruses
These viruses mainly replicate or take action once they are executed. When a certain condition is met,
the viruses will act by infecting the files in the directory or the folder specified in
AUTOEXEC.BAT. The viruses are generally found in the hard disk's root directory, but they keep on
changing location.
Directory Virus
Also known as cluster virus or file system virus. They infect the computer's directory by changing
the path indicating file location. They are usually located on the disk but affect the entire directory.
Web Scripting Virus
Most web pages include some complex code in order to create interactive and interesting content.
Such code is often exploited to cause certain undesirable actions. These viruses mostly originate from
infected web pages or browsers.
Multipartite Virus
These types of viruses spread in many different ways. Their actions vary depending on the OS installed
and the presence of certain files. They tend to hide in the computer's memory but do not infect the hard
disk.
FAT Viruses
These viruses attack the file allocation table (FAT), which is the part of the disk used to store all
information about the available space, location of files, unusable space etc.

Companion Viruses
These types of viruses infect files just like the direct action and the resident types. Once inside the
computer, they accompany other existing files.
Polymorphic Virus
They encode or encrypt themselves in a different way every time they infect your computer. They use
different encryption methods and algorithms. This makes it difficult for antivirus software to locate them
using signature or string searches (since they are very different in each encryption).
Worm
This program is very similar to a virus and has the ability to self-replicate leading to negative effects
on your computer.
Trojans
Trojans can illegally trace important login details of users online. For example, e-banking is very
common among users; therefore, your login details are vulnerable to being traced whenever your PC is
working without a strong antivirus installed.
Email Virus
This is a virus spread via an email. Such a virus will hide in an email and when the recipient opens
the mail.
Browser Hijacker
This virus can spread in many different ways, including a voluntary download. It infects certain
browser functions, especially in the form of redirecting the user automatically to certain sites. A good
example of a browser hijacker is CoolWebSearch.
Boot Sector Virus: If a computer is infected with a Boot Sector Virus, when the computer is turned
on, the virus launches immediately and is loaded into memory, enabling it to control the computer.
File Deleting Viruses: A File Deleting Virus is designed to delete critical files which are part of the
Operating System, or data files.
Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs like MS Outlook for e-mail
addresses which are stored in the address book and replicate by e-mailing themselves to the addresses
stored in the address book of the e-mail program.
Macro viruses: Macro viruses are written using macro programming languages like VBA,
which is a feature of the MS Office package. A macro is a way to automate and simplify a task that you
perform repeatedly in the MS Office suite (MS Excel, MS Word etc). These macros are usually stored as
part of the document or spreadsheet and can travel to other systems when these files are transferred
to other computers.

Armored Viruses: Armored Viruses are a type of virus designed and written to make themselves
difficult to detect or analyze. An Armored Virus may also have the ability to protect itself from
antivirus programs, making it more difficult to disinfect.
Stealth viruses: Stealth viruses have the capability to hide from the operating system or anti-virus
software by making changes to file sizes or directory structure. Stealth viruses are anti-heuristic in nature,
which helps them to hide from heuristic detection.

Retrovirus: A retrovirus is another type of virus, which tries to attack and disable the anti-virus
application running on the computer. A retrovirus can be considered anti-antivirus. Some retroviruses
attack the anti-virus application and stop it from running, while others destroy the virus definition
database.
Multiple Characteristic viruses: Multiple Characteristic viruses have different characteristics of
viruses and have different capabilities.

Virus (Refer to pages 133 to 152 of the text Security in Computing, Charles P. Pfleeger)


Counter measures
* Use only commercial software acquired from reliable, well-established vendors
* Test all new software on an isolated computer
* Open attachments only when you know them to be safe
* Make a recoverable system image and store it safely
* Make and retain backup copies of executable system files
* Use virus detectors (often called virus scanners) regularly and update them daily.

TROJAN, LOGIC BOMB
There are many computer security problems which are very hard to detect. These problems occur
when a system programmer places an unwanted program in the system for his own personal gain.
To avoid these problems, code should be reviewed whenever new code is placed in the system. Given
below are some of the computer security problems which can be introduced by system programmers:
Logic bomb: A logic bomb is code which could be written and placed in a system by a programmer.
A logic bomb needs a trigger to be activated. A trigger is a specific condition which needs to
be fulfilled to activate the logic bomb. A logic bomb is not easy to find in the system and is
mostly untraceable. It is activated only when certain conditions are met. Logic bombs can delete files,
encrypt data or lock the system down so that it can be unlocked only by the person who placed the logic
bomb.
Software that is inherently malicious, such as viruses and worms, often contains logic bombs that
execute a certain payload at a pre-defined time or when some other condition is met. This technique
can be used by a virus or worm to gain momentum and spread before being noticed.
Trap door: A trap door is a login which can be created by the system administrator to log in to a
system by using a default or no password. Trap doors are a security problem because the owner of
the computer doesn't know that there is a trap door in place and unauthorized login is possible.
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer
system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote
access to a computer, or obtaining access to plaintext in cryptographic systems.
A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented --
method of gaining access to an application, operating system or online service. Programmers write
trapdoors into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of
activities from benign troubleshooting to illegal access.
Weaknesses in design logic can also introduce trapdoors into program code inadvertently and
innocently. Many software developers include undocumented trapdoor passwords, which they use for
maintenance or unspecified purposes. Software companies rarely acknowledge the presence of
trapdoors and trapdoor passwords in proprietary software -- software whose source code is not
distributed publicly -- but users sometimes expose them.

Trojan horse
Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses
onto your computer. A Trojan horse, often shortened to Trojan, is a type of malware designed to
provide unauthorized, remote access to a user's computer. Trojan horses do not have the ability to
replicate themselves like viruses; however, they can lead to viruses being installed on a machine since
they allow the computer to be controlled by the Trojan creator. The term gets its name from the Greek
story of the Trojan War, when the Greeks offered the Trojans a peace offering in the form of a large
wooden horse. However, once the Trojans wheeled the horse behind their closed gates and night fell,
the soldiers hidden inside the horse climbed out and opened the city gates, allowing the Greek army
to infiltrate Troy and capture the city. Trojan horse software operates the same way, where Troy is
your computer and the horse is the benign-seeming application. Trojan horses can assist an attacker
in turning a user's computer into a zombie computer, stealing various data such as credit card
information, installing more malware, keylogging and various other malicious activities. Also, it is
possible for other crackers to control the compromised computer simply by searching for computers
on a network using a port scanner and finding ones that have already been infected with a Trojan
horse. Trojan horses continue to increase in popularity and currently account for the majority of
known malware found on the web.
Login spoofing: Login spoofing is a technique used by a programmer to place a fake login screen in
front of the user which looks exactly like the regular login screen. After the user has entered the
username and password and submits the login screen, the password is acquired by the
programmer and the original login screen is displayed. The user thinks that he made a typo while
entering the password and logs in again, not knowing that his password has been acquired.

Secure E-mail, PGP, S/MIME (Refer to pages 535-540 of the text Security in Computing, Charles P. Pfleeger)
E-mail is vital for today's commerce, as well as a convenient medium for communications
among ordinary users.
It is very public, exposed at every point from the sender's workstation to the recipient's screen.
E-mail messages are exposed and available for others to read.
Sometimes we would like e-mail to be more secure. To define and implement a more secure
form, we begin by examining the exposures of e-mail.
THREATS TO E-MAIL
message interception (confidentiality)
message interception (blocked delivery)
message interception and subsequent replay
message content modification
message origin modification
message content forgery by outsider
message origin forgery by outsider
message content forgery by recipient
message origin forgery by recipient
denial of message transmission
If we were to make a list of the requirements for secure e-mail, our wish list would include
the following protections.
message confidentiality (the message is not exposed en route to the receiver)
message integrity (what the receiver sees is what was sent)
sender authenticity (the receiver is confident who the sender was)
nonrepudiation (the sender cannot deny having sent the message)
Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the
Internet, as well as authenticate messages with digital signatures and encrypted stored files.
Previously available as freeware and now only available as a low-cost commercial version,
PGP was once the most widely used privacy-ensuring program by individuals and is also used
by many corporations. It was developed by Philip R. Zimmermann in 1991 and has become
a de facto standard for email security.
How PGP works
Pretty Good Privacy uses a variation of the public key system. In this system, each user has an
encryption key that is publicly known and a private key that is known only to that user. You
encrypt a message you send to someone else using their public key. When they receive it, they
decrypt it using their private key. Since encrypting an entire message can be time-consuming,
PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to
encrypt the shorter key that was used to encrypt the entire message. Both the encrypted
message and the short key are sent to the receiver who first uses the receiver's private key to
decrypt the short key and then uses that key to decrypt the message.
PGP comes in two public key versions -- Rivest-Shamir-Adleman (RSA) and Diffie-Hellman.
The RSA version, for which PGP must pay a license fee to RSA, uses the IDEA algorithm to
generate a short key for the entire message and RSA to encrypt the short key.
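The two-layer scheme described above (a fast cipher for the message, the public key only for the short key), as an added sketch that is not PGP's code or message format. Unpadded toy RSA and a SHA-256 keystream stand in for the real ciphers, and the function names, envelope layout and key sizes are assumptions chosen so that it runs with the standard library only.

```python
"""Hybrid ("digital envelope") encryption, the scheme described for PGP above.

Added teaching sketch: unpadded textbook RSA and a SHA-256 counter keystream
stand in for PGP's real public-key and symmetric ciphers, and the envelope
layout and all names are assumptions. Not secure, not PGP's message format.
"""
import hashlib
import secrets

KEY_BYTES = 16      # length of the per-message session key (the "short key")
E = 65537           # public exponent


def make_keypair(p=2**89 - 1, q=2**107 - 1):
    """Toy RSA key pair from two known Mersenne primes (constructed, offline)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return (n, E), (n, d)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(message: bytes, recipient_public) -> dict:
    """Sender side: encrypt the message once, wrap only the session key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(KEY_BYTES)       # fresh for every message
    body = keystream_xor(session_key, message)         # fast cipher, whole message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # public key, key only
    return {"wrapped_key": wrapped, "body": body}


def open_envelope(envelope: dict, recipient_private) -> bytes:
    """Receiver side: recover the session key first, then the message."""
    n, d = recipient_private
    key_int = pow(envelope["wrapped_key"], d, n)
    if key_int >> (8 * KEY_BYTES):
        raise ValueError("unwrapped value is not a session key (wrong private key?)")
    return keystream_xor(key_int.to_bytes(KEY_BYTES, "big"), envelope["body"])
```

The public-key operation always handles 16 bytes regardless of message length, which is the efficiency argument made in the paragraph above.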
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key
encryption and signing of MIME data. S/MIME is on an IETF standards track and defined
in a number of documents, most importantly RFCs 3369, 3370, 3850 and 3851.
S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending email that uses
the Rivest-Shamir-Adleman encryption system. S/MIME is included in the
latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed
by other vendors that make messaging products. RSA has proposed S/MIME as a standard to
the Internet Engineering Task Force (IETF). An alternative to S/MIME is PGP/MIME, which
has also been proposed as a standard.
MIME itself, described in the IETF standard called Request for Comments 1521, spells out how an
electronic message will be organized. S/MIME describes how encryption information and a digital
certificate can be included as part of the message body. S/MIME follows the syntax provided in the
Public-Key Cryptography Standard format #7.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted method, or
more precisely a protocol, for sending digitally signed and encrypted messages. S/MIME
allows you to encrypt emails and digitally sign them. When you use S/MIME with an email
message, it helps the people who receive that message to be certain that what they see in their
inbox is the exact message that started with the sender. It will also help people who receive
messages to be certain that the message came from the specific sender and not from someone
pretending to be the sender. To do this, S/MIME provides for cryptographic security services
such as authentication, message integrity, and non-repudiation of origin (using digital
signatures). It also helps enhance privacy and data security (using encryption) for electronic
messaging.

SMART CARDS
A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card that has embedded
integrated circuits. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes
polyethylene terephthalate based polyesters, acrylonitrile butadiene styrene or polycarbonate.
A smart card is a plastic card about the size of a credit card, with an embedded microchip that can
be loaded with data, used for telephone calling, electronic cash payments, and other applications, and
then periodically refreshed for additional use.
What is a Smart Card?
A smart card is a special type of card-like device which contains an integrated circuit chip embedded
in it. The IC chip can be a microprocessor with memory or just a simple memory circuit. In simple
layman's words, a smart card is a card with which we can exchange data, store it and manipulate
it.
How does a Smart Card Work?
A smart card is connected to the host computer or controller via a card reader which gets information
from the smart card and accordingly passes the information to the host computer or controller.

[Figure: A Basic Smart Card Working System]

What is a Smart Card Reader?
A smart card reader is a device to which the smart card is connected either directly or indirectly using
RF communication. It interfaces with the PC or a microcontroller using a USB port or RS232 serial
ports. It can be a contact or contactless reader.

[Figure: Smart Card Reader]


2 Types of Smart Card based on Connection to the Smart Card Reader
Contact Smart Card: This type of smart card consists of electrical contacts which are used
to connect to the card reader where the card is inserted. The electrical contacts are deployed
on a conductive gold plated coating on the card surface.
[Figure: A Contact Smart Card with Electrical Connections]
Contactless Smart Card: This type of smart card communicates with the reader without any
physical contact. Rather, it consists of an antenna which it uses to communicate over a
Radio Frequency band with the antenna on the reader. It usually receives power from the
reader via the electromagnetic signal.
[Figure: A Contactless Smart Card]
2 Types of Smart Cards based on their Functionalities and Configuration
Memory Cards: These are cards which only consist of memory circuits. They can only store,
read and write data to a particular location. The data cannot be processed or manipulated. It
can be a straight memory card which is only used to store data or a protected memory card
with restricted access to the memory and which can be used to write data. It can also be a
rechargeable or a disposable card which contains memory units which can be used only once.
[Figure: A Memory Smart Card]
Microprocessor Based Cards: These cards consist of a microprocessor embedded onto the
chip in addition to the memory blocks. The card also consists of specific sections of files, with each file
associated with a particular function. The data in files and the memory allocation are managed via an
operating system which can be a fixed operating system or a dynamic operating system. It allows for
data processing and manipulation and can be used for multifunctioning.
[Figure: Microprocessor Based Smart Card]
4 Steps to Construct a Smart Card
The first step involves designing. The designing involves specifying the chip for the memory
size, clock speed, volatile memory types, type of operating system and specifying the
application software, specifying the card type, size and functioning and additional features.
The second step involves chip fabrication. This involves mounting the silicon chip on an
epoxy glass substrate with gold plated connectors, using a die. The silicon chip is bonded to
the connectors using connecting wires (wire bonding technique) or using flip chip technology
(using a solder). The chip on board substrate is then sealed using epoxy resin and glued to the
card substrate. The card substrate can be a PVC based plastic card or a Polyester based card.
The third step involves loading the code to the memory using special commands.
The fourth step involves data loading into the PROM memory such that the data pertains to
the single person.
Advantages of Smart Card:
Can be promptly reconfigured
Reusable
Secure transactions
Gives more security
Tougher and more dependable
Permits numerous provisions to be saved in one card

5 Areas of Smart Card Applications:
Telecommunications: The most prominent use of smart card technology is in the
development of the SIM card or Subscriber Identity Module. A SIM card provides unique
identification to each subscriber, provides network access to each subscriber and manages
its authentication.
[Figure: A SIM Card]
Domestic: The most frequently used smart card in the domestic field is the DTH smart card. This
card provides authorized access to the information coming from the satellites. In simple words,
the card with which we can get access to the Direct to Home TV services is nothing but a
smart card. The information is encrypted and decrypted within a smart card.
[Figure: A basic DTH System with the Smart Card]
Ecommerce and Retail: A smart card can be used to store information like a person's account details
and the transaction details, and can be used in purchasing goods online by acting as a credit card. Some
retailers can also use smart cards to store points for a particular customer and provide necessary
incentives to repeat customers.
Banking Application: The most prominent use of smart cards in banking applications is the
replacement of the traditional magnetic stripe based credit or debit card. Examples are
MasterCard and VISA.
[Figure: VISA Smart Card]
Government Applications: Smart cards are being used by Government to issue identity cards
to individuals, which contain all the details of the individual. An example is the recently started Aadhaar
card scheme in India.
[Figure: Aadhaar Card Model]
Secured Physical access: Smart cards can be used by organizations or different public areas
to provide authorized access to the employees (members of the organization) or other persons
to the secured areas. The smart card generally contains identity details of the individual which
are scanned and checked.
[Figure: A Sample ID Card for Organizations]
A Working Application of a Smart Card System to provide Authorized Access to Secured
Areas
As seen, one of the prominent applications of a smart card is storing the identity of an individual.
When the person tries to enter a secured area, the data in his/her smart card is checked against the
available data in the database and if matched, the person is allowed access, else not.
The system consists of 4 main parts:
A smart card, which is generally a contact memory smart card, containing the information about the individual.
A smart card reader, which is generally a contact smart card reader, used to read information from the card.
A controller which receives data from the smart card reader via the RS232 interface.
A load, which is a relay in this case, used to drive a motor and connected to the controller via the relay driver IC.
The Working of the System is as follows:

[Figure: Block Diagram showing a Smart Card System to allow Authorized Access by Edgefx Kits]

The individual inserts his/her card in the card reader.
The card reader sends the data to the MAX 232 IC through the DB9 connector.
The Microcontroller receives the data from the MAX 232 and is accordingly programmed to compare the obtained information with the stored information in the database.
If the data matches, the Microcontroller develops logic high at its output pin, connected to the input pin of the relay driver.
The relay driver IC accordingly develops a low logic at its output and energizes the relay.
The common contact of the relay is now connected to the normally open contact and the motor connected in series with the relay contacts is rotated such that the door is opened.
In case the data doesn't match, the microcontroller is programmed to develop logic low at its output pin and the relay accordingly doesn't get energized, keeping the door shut.
The obtained output is accordingly displayed on the LCD which shows whether the data is matched or not.
So this is a basic overview of the smart cards. Any further details are welcome to be added.

SPAM
What is SPAM?

Irrelevant or unsolicited messages sent over the Internet, typically to large numbers of users,
for the purposes of advertising, phishing, spreading malware, etc.

To send the same message indiscriminately to (a large number of Internet users).

Electronic Spamming

Electronic spamming is the use of electronic messaging systems to send an unsolicited
message (spam), especially advertising, as well as sending messages repeatedly on the same
site.

The most widely recognized form of spam is email spam.

The term is applied to similar abuses in other media:

Instant messaging spam

Usenet newsgroup spam

Web search engine spam

spam in blogs

wiki spam

Email spam

Email spam, also known as junk email is a subset of electronic spam whereby a single
unsolicited message is sent by email.

Spam email may also include malware as scripts or other executable file attachments.

Spammers collect email addresses from chatrooms, websites, customer lists etc.

These email addresses are sometimes also sold to other spammers.

Types of SPAM

Image spam

Blank spam

Image spam
Image spam, or image-based spam, is an obfuscating method in which the text of the message is
stored as a GIF or JPEG image and displayed in the email.
Image spam contains computer-generated text which simply annoys the reader.
Blank spam

Blank spam is spam lacking a payload advertisement. Often the message body is missing
altogether, as well as the subject line. Still, it fits the definition of spam because of its nature
as bulk and unsolicited email.

Blank spam may originate in different ways, either intentionally or unintentionally:

Blank spam may have been sent in a directory harvest attack, a form of dictionary attack for
gathering valid addresses from an email service provider.

Blank spam may also occur when a spammer forgets or otherwise fails to add the payload
when he or she sets up the spam run.

Some spam may appear to be blank when in fact it is not.
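A mail-filter triage for the spam types defined above, added here as an example and not taken from any product: it separates image spam, truly blank spam, and mail that only appears blank. The threshold, the label names and the four sample messages are constructed assumptions.

```python
"""Heuristic triage for image spam, blank spam and mail that only appears
blank. Added example: threshold, labels and samples are constructed
assumptions, not a production filter.
"""
import email
from html.parser import HTMLParser

MIN_VISIBLE_CHARS = 20   # assumed cut-off for "almost no readable text"


class _VisibleText(HTMLParser):
    """Collect text a reader would see, skipping <script> and <style> bodies."""

    def __init__(self):
        super().__init__()
        self.chunks, self.hidden = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.hidden:
            self.hidden -= 1

    def handle_data(self, data):
        if not self.hidden:
            self.chunks.append(data)


def classify(raw: str) -> str:
    msg = email.message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    visible, raw_bytes, images = "", 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "image":
            images += 1                      # the "text" may live in here
            continue
        payload = part.get_payload(decode=True) or b""
        raw_bytes += len(payload.strip())
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:                  # unknown charset label
            text = payload.decode("utf-8", "replace")
        if part.get_content_subtype() == "html":
            parser = _VisibleText()
            parser.feed(text)
            parser.close()
            text = "".join(parser.chunks)
        visible += text
    visible = " ".join(visible.split())      # also collapses &nbsp;
    if raw_bytes == 0 and not images:
        return "blank" if not subject else "empty-body"
    if images and len(visible) < MIN_VISIBLE_CHARS:
        return "image-spam-candidate"
    if not visible:
        return "appears-blank"               # has content, shows nothing
    return "no-flag"


# Constructed sample messages (example.test addresses, placeholder image bytes).
HDR = "From: sender@example.test\nTo: user@example.test\n"
SAMPLES = {
    "blank": HDR + "\n",
    "hidden": HDR + 'Content-Type: text/html; charset="utf-8"\n\n'
              "<html><head><style>p{margin:0}</style></head>"
              "<body><p>&nbsp;</p><br></body></html>\n",
    "image": HDR + "Subject: Special offer\nMIME-Version: 1.0\n"
             'Content-Type: multipart/related; boundary="b1"\n\n'
             '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
             '<html><body><img src="cid:offer"></body></html>\n'
             "--b1\nContent-Type: image/gif\nContent-Transfer-Encoding: base64\n"
             "Content-ID: <offer>\n\nAAAA\n--b1--\n",
    "normal": HDR + "Subject: Minutes\n\nAttached are the minutes of Tuesday's meeting.\n",
}
```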

KRYPTOKNIGHT

The importance of secure communication in today's distributed systems is universally
acknowledged.

For this reason much effort has recently been invested into providing security services in a
variety of networks.

One of the most well known efforts is Kerberos, a network security service originally
developed at MIT.

A new security service called KryptoKnight was developed jointly by IBM Zurich & Yorktown
Research Laboratories.

KryptoKnight provides authentication & key distribution services to applications and
communicating entities in a network.

KryptoKnight implements a family of novel authentication and key distribution protocols
designed with assurance of security with respect to a number of attacks.

It is an authentication & key distribution system that provides facilities for secure communication
in any type of network environment.

KryptoKnight was designed with the goal of providing network security services with a high
degree of compactness & flexibility.

The message compactness of the KryptoKnight protocols allows it to secure communication protocols
at any layer without requiring any major protocol augmentations in order to accommodate
security-related information.

KryptoKnight avoids the use of bulk encryption, so it is easily exportable.

KryptoKnight functions at both end points of communication and can perform different
security tasks depending on the particular network configuration.

KRYPTOKNIGHT OVERVIEW

KryptoKnight offers four services:

1. Single Sign On
2. Two Party Authentication
3. Key Distribution
4. Authentication of origin & contents of Data

1) Single Sign On

As a first step, the user authenticates himself to the KryptoKnight system by executing the kklogin
command. The purpose of this command is to perform a unified, network-wide login for the user.

In the first message the user tells the Authentication Server (AS) that he wants to log on, specifying his own
name.

This message allows the authentication server to validate the user, as it contains a value which is a
function of both the current time and the user's password and is referred to as PRE-AUTHENTICATION.

The second message contains the reply from the authentication server, which is sealed with
a key derived from the user's password.

At this point kklogin prompts the user for his password and uses it to unseal the AS's reply,
retrieving the details (ticket) contained in it.

A successful result implies that the user has provided a correct password and proved his identity.

Using these details with KryptoKnight primitives, an entity can communicate with remote peers
and prove that it is in fact executing on behalf of the particular user.

Since user authentication takes place once, until the user explicitly terminates the login session
by executing the kklogoff command, any number of local programs can utilize its result
when authenticating themselves to remote programs; this is known as Single
Sign On or SSO.

2) Two Party Authentication

An entity can use the KryptoKnight application programming interface (API) library to obtain
further proofs of its delegation in order to authenticate itself to remote peers.

An entity, referred to as the INITIATOR, starts the authentication process by issuing an API call
that returns an authentication message.

This authentication message is sent to the remote peer entity, known as the RESPONDER. When the
RESPONDER receives the message, it issues a corresponding API call that verifies the validity of the incoming
authentication message.

Depending upon the authentication parameters, either one-way authentication or mutual
authentication can be performed.

In case of one-way authentication, the first message authenticates the initiator to the responder. If
the verification is successful, the responder will be sure that the initiator is valid and also
truly acting

In case of mutual authentication, the exchange of messages created via respective API calls is
required: one will authenticate the RESPONDER to the INITIATOR, the other will complete
the protocol by finally authenticating the INITIATOR to the RESPONDER.

3) Key Distribution

The authentication protocol requires that the initiator and the responder share a secret key.

The entire process of contacting the authentication server, proving one's identity and receiving
the key is hidden from the entities using the KryptoKnight protocol.

In other words, whether or not the two parties share a secret key, they make the same API calls with
exactly the same parameters.

4) Data Origin & Content Authentication

Successful authentication between two entities establishes a KryptoKnight session which is
characterized by their shared secret key. This session serves as a context for further secure
communication between the two parties.

It will be terminated either explicitly, by one of the communicating parties sending to the
other party a request to end the session, or implicitly upon the expiration of the shared key.

Until the session termination, the entities can, through the KryptoKnight API, authenticate the
contents and the origin of the data messages exchanged.
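
The mutual authentication exchange of section 2 and the session message authentication of section 4, as an added sketch that is not the KryptoKnight API or wire format. The three-flow layout, the use of HMAC-SHA256, the sequence counter and every class and method name are assumptions; the sketch uses MACs only, in line with the statement above that bulk encryption is avoided.

```python
"""Mutual authentication and data origin/content authentication over a shared
secret key, using MACs only (no bulk encryption).

Added sketch: the three-flow layout, HMAC-SHA256 and every name below are
assumptions for illustration, not the KryptoKnight API or wire format.
"""
import hashlib
import hmac
import secrets


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def check(tag: bytes, expected: bytes, why: str) -> None:
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise PermissionError(why)


class Party:
    def __init__(self, name: bytes, shared_key: bytes):
        self.name, self.key = name, shared_key
        self.session_key = None
        self.send_seq = self.recv_seq = 0

    # INITIATOR, flow 1: a fresh nonce is the challenge.
    def start(self) -> bytes:
        self.n_i = secrets.token_bytes(16)
        return self.n_i

    # RESPONDER, flow 2: answer the challenge and issue one of its own.
    def respond(self, n_i: bytes):
        self.n_i, self.n_r = n_i, secrets.token_bytes(16)
        return self.n_r, mac(self.key, b"resp", n_i, self.n_r, self.name)

    # INITIATOR, flow 3: verify the RESPONDER, then prove itself.
    def finish(self, peer: bytes, n_r: bytes, proof_r: bytes) -> bytes:
        check(proof_r, mac(self.key, b"resp", self.n_i, n_r, peer),
              "responder not authenticated")
        self.n_r = n_r
        self._open_session()
        return mac(self.key, b"init", self.n_i, n_r, self.name)

    # RESPONDER: verify the INITIATOR; mutual authentication is complete.
    def confirm(self, peer: bytes, proof_i: bytes) -> None:
        check(proof_i, mac(self.key, b"init", self.n_i, self.n_r, peer),
              "initiator not authenticated")
        self._open_session()

    def _open_session(self) -> None:
        # Both nonces feed the session key, so every run yields a new one.
        self.session_key = mac(self.key, b"session", self.n_i, self.n_r)

    # Data origin and content authentication inside the session.
    def protect(self, data: bytes):
        seq = self.send_seq.to_bytes(8, "big")
        self.send_seq += 1
        return seq, data, mac(self.session_key, b"data", self.name, seq, data)

    def verify(self, sender: bytes, seq: bytes, data: bytes, tag: bytes) -> bytes:
        check(tag, mac(self.session_key, b"data", sender, seq, data),
              "bad origin or modified content")
        if int.from_bytes(seq, "big") != self.recv_seq:
            raise PermissionError("replayed or out-of-order message")
        self.recv_seq += 1
        return data
```

The role labels and party names inside each MAC bind a proof to one direction, so a proof reflected back to its creator, or a data message returned to its sender, fails verification.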
